Gitorious 3.0 Beta 1

It’s been quite a journey, but we pulled through, and we are excited to finally present you with the first beta of Gitorious 3.0!

Take it for a spin

We set up a trial instance on v3.gitorious.org. You should especially check out the new repository pages. This instance is free for all, so please register an account and test at will. Just note that it will be removed once gitorious.org is upgraded to Gitorious 3. There are already some known issues, and I will be posting updates to this demo throughout next week.

For those of you who want to run Gitorious 3 yourself, there will eventually be a pre-built CentOS-based VM available on getgitorious.com. Unfortunately, we haven’t had time to fix that up yet, and as we are now going into vacation mode, it will be a few weeks.

Your best option for self-hosting Gitorious 3 at this point is to install Gitorious 2, e.g. by using the Community Edition, and follow the manual upgrade instructions found in the repository.

For people wanting to hack on Gitorious, there are instructions in the repo for CentOS and Ubuntu for how to get the development environment up and running. These take some shortcuts that are not recommended for production deployments, but will get everything up and running.

What’s new?

The big news in Gitorious 3 is the new and improved code browser. In addition to being a big improvement UI-wise, it supports many new small useful features. The code browser also provides quick access to browsing and viewing files, blame, log for individual paths and more.

Browsable URLs

The old `/project/repository/blobs/*` and `/project/repository/trees/*` URLs are gone. In their place we now have a unified way of browsing source code through `/project/repository/source/ref:path`, e.g. `/project/repository/source/master:Readme.org`.

Automatic rendering of README in your repository

Gitorious will render any README file it can render in your repository.

Not only will it render READMEs in the root of your repository, but from any directory inside your repository.

Vastly improved syntax highlighting

The syntax highlighting in Gitorious 3 is powered by Pygments, arguably the best syntax highlighting toolkit around. This means Gitorious now supports every one of Pygments’ long list of supported languages.

Highlight code

When browsing files, you can mouse over lines to highlight them. If you want to share highlights with other people, click a line, copy the URL and share at will. You can also highlight a region by clicking a line, holding shift and clicking another one. Copy the URL and off it goes.

Convenient branch/ref selector

The code browser has a branch selector in the upper right corner, which is always available for any action where different branches/refs have different content (i.e. when browsing code, but also the log etc.). This allows you to select branches and tags, or enter any Git oid to view it.

Curl-able downloads!

Gitorious has used a polling mechanism to serve tarballs for some time. In Gitorious 3, this is gone, and we use simple GETs to fetch tarballs. For high-traffic deployments, getgitorious.com has information on how to configure nginx so this scales well.

Detached code browser

The code browser shipping with Gitorious 3 is also released as a stand-alone tool that you can use to visualize your repositories locally. You can even use it for a light-weight read-only Git repository hosting service on your server. The tool is called Dolt, and if you have Ruby installed, you can try it out in 5 minutes: gem install dolt. Run either in a git repository, or in a directory that contains many git repositories: `cd /my/git/repo && dolt .`

Web hooks

In Gitorious 3, you can select the “admin” menu on your repositories when logged in, and it will offer to let you manage web hooks. These are URLs that Gitorious will send a POST request to every time someone pushes to the repository. Postbin is a great service for debugging these things, and here’s a sample payload from Gitorious.

Log in with either email or login

In the past, Gitorious would only allow logins with email address. If you’re using the database backed authentication, you can now log in with either your email address, or your login/screen name.

Rails 3.2 under the hood

Gitorious 3 is based on Rails 3, which brings vastly improved security and performance, and provides a better base for evolving the software. Some of you may have seen that Rails 4 was just released, and Gitorious 3.1 or 3.2 will likely be moving to Rails 4. When that happens, Ruby 1.8.7 (and Ruby Enterprise Edition) support is gone (Rails 4 does not support it).

Backwards and forwards compatibility

Gitorious 3.0 supports Ruby 1.8.7, primarily because many Linux distros still ship this version. Ruby 1.8.7 support should not be expected to last for long. We recommend that you run Gitorious 3.0 on Ruby 1.9.3, and Ruby 2.0.0 support is just around the corner (one of our dependencies is causing a segfault, but we have verified that everything will work once an update is released for it).

Improved Ruby API

The low-level APIs in Gitorious have been refactored and restructured in several areas. This work is not yet complete, and will continue throughout the summer. This will eventually make it easier to perform power-user/admin tasks from the console. Gitorious 3 ships with “use cases” that can be run from the command line and that encapsulate everything required to carry out certain tasks. Some documentation is available.

Git data mirroring

We’re currently finishing up a new feature that allows Gitorious to mirror all git data to one or more mirrors. This will help in cases where you want a “ready to go” failover server for Gitorious. This feature does not ship with the first beta, but will be in the final version.

What remains

This is a beta, and as such, bugs should be expected. We would love your help and support in testing this, and we will soon roll out the beta on gitorious.org. Once we’ve gotten through the worst crop of bugs, Gitorious 3.0 stable will be tagged and released. When that happens, everyone will be strongly urged to upgrade, as we will not provide updates for Gitorious 2 much longer.

You will also notice that while most of the repository pages sport a shiny new UI, we have not completed this transition entirely. Changing the UI all around is a big task, and we will continue iterating on this until the old UI is gone. We’re sorry that the app will have two faces in this transitional period, but we believe the improvements we’ve made already make it more than worthwhile.

What do you think?

Try it out, and let us know what you think. We are very excited about this release, and hope you will like it as much as we do.

On behalf of the Gitorious team,
Christian (@cjno).

Maintenance May 21st

The server center where the gitorious.org servers are located is being reorganized. From 1AM CET, Tuesday May 21st, all gitorious.org services will be down for approximately 2 hours while the servers are relocated. This is night time in Europe and evening in the Americas, but we apologize for any inconvenience caused by this maintenance window.

Gitorious is featured on the GitMinutes podcast

GitMinutes is a fairly new podcast about Git, with weekly episodes featuring interviews with people doing all kinds of things with Git. This podcast is a great way to keep track of what’s happening in the Git community.

I’m in this week’s episode, talking about Gitorious and Git infrastructure. I had a great time chatting with Thomas from GitMinutes, and you’ll find the current episode here.

An update about Gitorious v3.0

When we merged the Rails 3 branch into next back in January it was our intention that this would become Gitorious 3.0, with few user-visible features. Our plan was to ship 3.1 shortly after, including the new code browser we started working on last year.

The upgrade to Rails 3 was done mainly to enable us to run the code browser asynchronously, and we have put a lot of effort into making it possible to run an asynchronous web server alongside the Gitorious Rails application. Despite these efforts we were never able to get the stability we need with this setup. To make matters worse, the speed benefits from running asynchronously haven’t been as big as we had hoped. Because of this we have decided to make some changes to our plans:

Gitorious 3 will include the new code browser

We felt that shipping a new major without any major user-facing changes doesn’t make any sense. Since the updated code browser is so close to being merged, we’ll wait with tagging the 3.0 version until the new code browser has been merged into the next branch. We feel it’s worth waiting for:

New Gitorious UI sketch - syntax highlighting

The code browser in Gitorious 3 will not be asynchronous

We will change the code browser so it no longer runs asynchronously; rather it will be a Rack application running inside Gitorious. The git repository access is still done using libgit2/rugged, which gives great speed and stability gains, and we will finally get proper syntax highlighting courtesy of Pygments.

We hope to tag Gitorious 3.0 before the end of April, and will deploy it to gitorious.org as soon as it’s been tagged. It will feature:

  • Rails 3.2
  • Partial new UI
  • Significantly improved repository browser (Dolt)
  • New syntax highlighting, along with support for vast numbers of new languages
  • Readme-rendering for repositories
  • A JSON/HTTP based API, more details soon!
  • Ruby 1.9 support

Shortly after 3.0 lands we will keep working on propagating the UI upgrade to other parts of the application.

Gitorious v2.4.12 is released (security update)

Three new vulnerabilities have been fixed for Ruby on Rails, on which Gitorious is built. Read the original Ruby on Rails sec-list announcements for further details.

The steps for upgrading are, as usual (from within the root gitorious clone/source directory):

git fetch --tags

git merge v2.4.12

git submodule update --init

bundle install

We advise all users running their own Gitorious servers to upgrade immediately. Note that the Gitorious Community Edition installer has also been updated to install v2.4.12 now.

Gitorious v2.4.10 has been released

As a refreshing change from the security-related versions of Gitorious over the last weeks, we’re glad to announce that version 2.4.10 of Gitorious was just released. This release fixes several bugs in Gitorious, among these:

  • Fix broken pushes with sync messaging adapter
  • Fix layout for global system message
  • Fix mass-assignment related bugs
  • Include repositories in Project XML output
  • Fix broken User avatar upload
  • Finally fix the double merge request versions
  • Make bin/bundle work when bundle needs update(s)

Furthermore, you may place global git hooks on a location specified in gitorious.yml.

The steps for upgrading are, as usual:

  • git fetch origin
  • git merge v2.4.10
  • git submodule update
  • bundle install
  • touch tmp/restart.txt (assuming you’re using Passenger. For non-Passenger deployments, restart your application server like you normally do)

Happy upgrades!

Gitorious went down this morning

Our frontend web server went down at 6:24 CET this morning. We will be updating this post as we bring the server back up. Here’s what we know right now:

  • At 6:24 CET a kernel oops occurred. The alarms at our hosting provider went off, and the server was booted.
  • Since the file system keeping the repositories hasn’t had a full consistency check since August 2012, a fsck was started.
  • When fsck hadn’t completed at 8:00 CET, the server was routinely rebooted, and another fsck process was started at 8:04 CET
  • The last time we ran a full fsck on the file system, it took about 2.5 hours. Since then, however, we have installed dedicated storage for our servers, and this has higher IO capacity than the one we were running from in August last year.
  • 10:06 CET: The server is back up. We will upgrade the kernel and do another reboot; hopefully the kernel issue we encountered earlier today has been resolved. Expect a few minutes of downtime in a few minutes.
  • 10:13 CET: All systems are running again, with an updated kernel

Improved and updated the Gitorious CE Installer (v2.4.9)

We’ve closed a number of recent security issues related to Ruby and Rails (which Gitorious depends on). The Community Edition Installer has lagged behind a bit but is, as of today, upgraded to install the latest version of Gitorious (v2.4.9). The update also includes our current recommended default settings plus some improvements to the installer itself.

Short story: following the steps outlined at http://getgitorious.com/installer on a fresh CentOS 6 server will ensure that you end up with the latest version of Gitorious installed.

Already running on an older version of Gitorious and need to upgrade? Follow the standard installation procedure outlined here.

Please let us know if you run into any issues with the installer: the Gitorious team can be reached at support@gitorious.org

Changelog for the installer:

Update to Gitorious v2.4.9 & improve installer

Brings the installer up to Gitorious v2.4.9, uses the current most
sensible default settings for that version, fixes recent Rails and
Ruby-related security issues and improves the installer itself.

Breakdown:

- Using resque instead of ActiveMq

- Using nginx+unicorn instead of apache+passenger

- Use latest version of Gitorious

- Includes fixes for recent Ruby/Rails security issues

- Using thinking sphinx instead of ultrasphinx

- Installer no longer nukes existing Ruby/Rubygems

- Installer logs puppet operations

- More robust puppet apply operation

- Truly random generated db/rails passwords

- Only create random db password on first run

- Remove unneeded git proxy, use git daemon directly

2.4.9 fixes regression in 2.4.8

I inadvertently broke creating new projects with yesterday’s 2.4.8 release. I have deployed a fix on gitorious.org, and just tagged 2.4.9. 2.4.9 also addresses a bug in Gitorious’ log graph visualization.

We made some sweeping changes yesterday, by changing attr_protected (which was the recent target of a Rails vulnerability) to attr_accessible – basically changing from black-listing to white-listing in what parameters can be posted to Gitorious and set on DB-backed models. It seems that one case was not covered by automatic tests, and was not discovered immediately.

Sorry for the inconvenience.

To upgrade your Gitorious, follow the regular procedure:

* git fetch origin
* git merge v2.4.9
* git submodule update
* bin/bundle install
* bin/rake assets:clear
* touch tmp/restart.txt (assuming you’re using Passenger. For non-Passenger deployments, restart your application server like you normally do)
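
The change from black-listing to white-listing described in this post, and how a form field missing from the white-list gets dropped, shown as an added example that is not Gitorious or Rails code. The filters are a plain-Ruby model of the attr_protected and attr_accessible idea; the column names, the request and the forgotten `:slug` are constructed assumptions.

```ruby
# Plain-Ruby model of the two mass-assignment policies (not Rails or Gitorious
# code). Column names and the request below are constructed for illustration.

# attr_protected style: every submitted key is written unless it is listed.
def denylist_filter(params, protected_keys)
  params.reject { |key, _| protected_keys.include?(key) }
end

# attr_accessible style: no submitted key is written unless it is listed.
def allowlist_filter(params, accessible_keys)
  params.select { |key, _| accessible_keys.include?(key) }
end

# Keys a form legitimately submits that the allowlist would drop.
# Asserting this is empty for each form in the test suite catches the
# kind of regression the post describes before release.
def dropped_form_fields(form_fields, accessible_keys)
  form_fields - accessible_keys
end

PROTECTED        = [:owner_id]             # denylist written before :suspended_at existed
ACCESSIBLE       = [:title, :description]  # allowlist that forgot :slug (hypothetical)
NEW_PROJECT_FORM = [:title, :slug, :description]

# Constructed request: the three form fields plus two keys the form never offers.
REQUEST = {
  title: "Demo", slug: "demo", description: "A test project",
  owner_id: 42, suspended_at: nil
}

def demo
  {
    denylist_writes:  denylist_filter(REQUEST, PROTECTED).keys,
    allowlist_writes: allowlist_filter(REQUEST, ACCESSIBLE).keys,
    dropped:          dropped_form_fields(NEW_PROJECT_FORM, ACCESSIBLE)
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, keys| puts "#{name}: #{keys.inspect}" }
end
```

The denylist lets the later-added `:suspended_at` through because nobody updated the list, while the allowlist blocks it by default but also drops `:slug` until it is listed.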

Gitorious v2.4.8 is released

Three new vulnerabilities have been fixed for Ruby on Rails, on which Gitorious is built. Read the original announcements for further details. All users running their own Gitorious servers should upgrade immediately.

The steps for upgrading are, as usual:

  • git fetch origin
  • git merge v2.4.8
  • git submodule update
  • bundle install
  • touch tmp/restart.txt (assuming you’re using Passenger. For non-Passenger deployments, restart your application server like you normally do)

If you’re running on the next branch, that has been updated as well. Just pull from mainline, then restart your server, and you’re all set.

You will note that the advisory and the v2.4.8 tag were both signed with our PGP key, as part of the Security Policy described at our security page. Because release tags and security advisories are signed, you can verify that they were in fact issued by the Gitorious team.
